eInvoicing is under scheduled maintenance

Dear user, the eInvoicing section will not be available until 24th April at 17:00 due to scheduled maintenance. We recommend refraining from using the eInvoicing service during this period. Thank you for your understanding.

Digital

Page tree

Skip to main content


1. eID Services


1. eIDAS-Node software releases

1.1. All releases

1.1.1. Current releases

Version Release date Features
2.9.0 04.02.2025

Main changes

  • SAML messages certificates rollover
    • Supports multiple signing and encryption certificates
    • Metadata caching: refresh of the signing certificates
    • Trust anchors reloading
  • Compatibility with Java 17
  • Update of dependencies
  • Support of Technical Specifications 1.4.1
  • Code Cleanup and refactoring
  • Bug/security  fixes
2.8.2 29.10.2024

Main changes

  • Security fix : Logging decrypted personal data of authenticated users by Proxy Service (EIDSD-814)
2.8.1 27.09.2024

Main changes

  • Support for PowerOfReprentationScope attribute and Other Generic Attributes
2.8.0 21.05.2024

Main changes

  • Support of Technical Specifications 1.4
  • Revocation : DSS CRL/OCSP
  • Security and Logging Module
  • Code Cleanup and refactoring
  • Bug/security  fixes
2.7.1 13.11.2023

Main changes

  • Automated retrieval of eIDAS-Nodes interconnections status for the eIDAS dashboard 
2.7 01.09.2023

Main changes

  • Split of the EidasNode into the EidasConnector and the EidasProxyService;
  • Alignment to Technical Specifications 1.3 (Support of new Common Attributes).
2.6

15.04.2022

Main changes

  • Addition of the support for PKCS11 AKA "HSM"
  • Removal the in-code enforcement of the usage of the BouncyCastle provider
  • Upgrade of OpenSaml dependencies from version 3.4.3 to version 4.1.1.
  • Seeing as the migration to OpenSaml 4 requires an upgrade to Java 11 (11_0_20), the supported list of servers has been changed with server that can support java 11.
  • The supported list of servers is now the following :
    • Tomcat v9.0.58
    • Wildfly 23.0.2 Final (Servlet Distribution)
    • Weblogic 14.1.1.0.0
    • WebSphere Liberty 21.0.0.5 (WebProfile 8)
  • Removal of Hazelcast support
  • Simplification of the eIDAS-Node default parameters
    • Most of entries in external configuration do not need to be explicitly defined anymore.
    • SAML Engine has now default configuration.
  • Removal of stork's QAA related code
  • Improvement of (default) configuration for SAML engine
  • ConfigurationSecurityBean code cleaning
  • Replacement of JKS keystores by PKCS12 keystores inside the sources
  • Disabled support for TLSv1.0 & TLSv1.1 in Java 11 revision 11
  • New metadata signature algorithm configuration entry
  • New key encryption Agreement Method algorithm configuration Entry
  • Use SHA-256 as Digest method with RSA-OAEP encryption
  • Error page adaptation to include contact details
  • Remove validation of 2 maximum number of MDSs
  • Junit tests coverage improvements
2.5 11.12.2020

Main changes

  • Technical Specifications 1.2:
    • Extension of Connector’s and Proxy-Service LOA validation to non-notified scheme LOAs
    • Extension of  Simple Protocol request to allow support to non-notified scheme LOAs
    • Implementation of support for 1.1 and 1.2 eIDAS specification for Gender attribute
    • Align allowed signature algorithms to eIDAS specification 1.2
    • Appropriate extensions to support RequesterID
    • Restriction of the node configuration to the use of TLSv1.2
    • Publication of the NodeCountry
    • Remove “No Specified” from Gender possible values
    • Extend Light Response to allow support of SAML consent values
  • Break of the LightRequest / LightResponse interface:
    • Add SP Country Code to Light Request interface
    • Generation of LightMessage model  from XSD
    • Extend Light Response to allow support of SAML consent values
  • eIDAS Default parameters configuration
  • Jcache support for the eIDAS Node
  • Logging of messages eIDAS Node 2.x branch
  • Bug fixes
  • Security fixes
  • Source code fixes
  • Documentation fixes
1.4.5 11.04.2019

Main changes

  • Bouncycastle dependency was upgraded from v1.52 to v1.60 clearing vulnerabilities

  • Bootstrap dependency was upgraded from v3.3.5 to v4.3.1 clearing vulnerabilities

  • This release has been successfully tested for interoperability with previous releases of eIDAS-Node versions of 2.2 and 1.4.4.
  • This release successfully tested and works with Middleware version 1.0.7.














1.1.2. Past releases

Version Release date Features
2.4 10.12.2019

Main changes:

  • Added key agreement support
  • Added support for Brainpool curves for SAML signing
  • LightRequest - Passing the Country Code of the Destination
  • Bugs and security fixes
  • Improvement of code quality

Main updates in dependencies:

Updates in dependencies in order to avoid reported related vulnerabilities or to get the need functionality.

  • logback from 1.1.2 to 1.2.0
  • BouncyCastle from 1.60 to 1.64
  • Shibboleth from 7.3.0 to 7.5.0
  • Opensaml from 3.3.0 to 3.4.3

Added dependencies:

  • swedenconnect.opensaml:opensaml-security-ext 1.0.5
2.3.1 29.10.2019

Main changes:

  • Added fix for a critical reported vulnerability.

Interoperability:

  • This release was successfully tested for interoperability with previous releases of eIDAS-Node v2.3 and v1.4.5
  • This release was successfully tested with Middleware v1.1.0
2.3 20.06.2019

Main changes:

  • Improvement in logging for better traceability of messages
  • Support of JCache: Ignite as default implementation
  • Migration to Java 8
  • Updated list of supported Web application servers:
    o   Glassfish 4: Full Platform replaced by Web Profile
    o   Dropped Tomcat 7, introduced Tomcat 9
    o   Dropped JBoss7, introduced Wildfly 15
  • Bugs and security fixes

Main updates in dependencies:

Updates in dependencies in order to avoid reported related vulnerabilities

  • BouncyCastle dependency was upgraded to v1.60
  • Bootstrap dependency was upgraded to v4.3.1
  • jQuery dependency was removed from the node (i.e., from the Generic parts)

2.2

 19.09.2018

The following main fixes were introduced:

  • Usage of simple DSI keys in SAML messages is implemented for encryption.
  • Allow SAML response for failed authentication with or with-out SAML assertion, based on request's application identifier.
  • Correction of wrong character encoding in metadata.
  • Support of Sub-CA for Metadata Signer to allow eIDAS Service to validate metadata.
  • Dependencies were refactored.
  • Security fix for processing authnrequest no longer allows for manipulation of issuer element.

The release successfully tested and works with Middleware versions 1.04 and 1.06.

2.1

16.07.2018

  • Change in Gender allowed values : Allow temporarily "Not Specified"

  • Add protocol versioning elements to metadata

  • Support of Sub-CA for Metadata Signer

  • Implement usage of simple DSI keys in SAML messages

  • Use of SingleSignOnService instead of hardcoded URLs

  • Build separation between Demo and Node modules

  • Update copyright headers and remove authorship

2.0

28.03.2017
  • There are now two deployment approaches; Standard (independent Specific and Generic applications) and Monolithic (single WAR file).
  • Architecture improvements are introduced to enable seamless upgrades of the eIDAS-Node in the future. MS Specific module has been split into Specific Proxy Service module and Specific Connector module.
  • Simple Protocol has been defined between the demo Service Provider 2.0 tools and the Specific Connector, and between the Specific Proxy Service and the demo Identity Provider 2.0 tools.
  • OpenSAML has been upgraded to version 3.0 in the eIDAS-Node core part.
  • A new look and feel.
1.4.4 18.12.2018
  • EID-667 - Improved the logging trail to address gaps with respect to message id and node id for entities with which the eIDAS-Node interacts, e.g., SP and IdP.
  • EID-652 - Problem in validation of entityID of SP
  • EID-658 - Interference with audit trail
  • EID-671 - Exposure to host header poisoning
  • Upgraded the dependencies listed below to avoid the vulnerabilities (CVEs) corresponding to their previous versions:
    1. Spring Framework to v4.3.18 from v4.1.0.
    2. Xerces to v2.12 from v2.11.
    3. JQuery to v3.3.1 from v1.11.3
  • This release has been successfully tested for interoperability with previous releases of eIDAS-Node versions of 2.2 and v1.4.3.
  • This release successfully tested and works with Middleware versions1.0.6 and 1.0.7.
1.4.3 13.09.2018
  • EID-617 - Error responses contains assertions with a false identity
  • EID-630 - Missing Assertion in failed authentication response should be OK
  • EID-643 - Wrong character encoding in ConnectorMetadata
1.4.2 07.08.2018
  • Removal of vulnerability EID-631: Issuer URL in SAML AuthnRequest can be manipulated
1.4.1 22.06.2018
  • German MW integration: Correction of the exception when parsing German metadata;
  • Addition of the protocol versioning elements to metadata;
  • Correction of Junit test for which metadata were expired;
  • Correction of Gender allowed values : Addition of temporarily "Not Specified" in Gender values validation;

v1.4

 06.10.2017
  • Support for the WebLogic 12.2 family;
  • Propagation of SPType to Proxy Service/IdP;
  • Correction to LegalPerson data set attributes;
  • Limiting the size of IdP supplied attribute values;
  • Improvements and fixes for several bugs; and
  • Documentation enhancements and improvements

v1.3

 16.06.2017
  • Better alignment with the requirements coming from the eIDAS technical specifications (e.g. support for natural and the Legal person MDS representation, removal of the validation of the OneTimeUse and SubjectLocality attributes, etc.)
  • Externalisation of configuration files for the eIDAS-Node, demo SP and demo IdP
v1.2 21.03.2017

  • This release is based on version 1.0 of the eIDAS technical specifications.

  • This release includes stability improvements.
v1.1 30.06.2016

  • definition of an abstraction and clear conformity of light Request/Response (in the module EIDAS-Light-Commons). These light objects (SAML agnostic) are designed to be used in the eIDAS-Node (SP to Connector) and also in the country specific modules (Proxy Service to IDP);

  • definition of an abstraction and a clear conformity for the country specific modules (in the module EIDAS-SpecificCommunicationDefinition). With this abstraction the dependency with the SAML Engine is no longer needed in the country specific modules;

  • improvements to the SAML Engine for complete independence and to able to be configured separately from the eIDAS-Node (metadata configuration, white list of signature and encryption algorithms);

  • definition of an attribute registry used by the SAML Engine to provide clear definition, conformity of the attributes supported (configuration based) and enforcing validation;

  • full coverage of the transliteration at the attribute and attribute registry level;

  • hardening to ensure immutability when necessary on the classes used in the SAML Engine (builder pattern)
v1.0 25.11.2015
  • Improved modularity 
  • Code refactoring
  • New look & feel
v0.9 21.09.2015
  • Support to eIDAS message format and extension of eIDAS metadata (eIDAS Technical Specificaitons)
  • Security improvements
  • Extension of the sample applications (Service provider, Identity provider and Attribute provider) to provide a sample of use of the EIDAS Regulation features 
  • Additional feature selector enforcing eIDAS Regulation compliance